Information
Autologon should be disabled if it is not needed.
Some VMX parameters don't apply on vSphere because VMware virtual machines work on vSphere and hosted virtualization platforms such as Workstation and Fusion. The code paths for these features are not implemented in ESXi. Explicitly disabling these features, such as autologon, reduces the potential for vulnerabilities because it reduces the number of ways in which a guest can affect the host. Note that these are referenced for organizations that insist any documented setting, regardless of whether it is implemented in code or not, must have a value.
Solution
To set this configuration utilize the vSphere interface as follows:
- Select the VM then select Actions followed by Edit Settings
- Click on the VM Options tab then expand Advanced
- Click on EDIT CONFIGURATION
- Click on ADD CONFIGURATION PARAMS then input isolation.tools.ghi.autologon.disable with a value of TRUE
- Click OK then OK again.
Alternatively you may run the following PowerCLI command:
# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name "isolation.tools.ghi.autologon.disable" -value $true
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|16.7
Control ID: d645aa208b3d91db5af9c34055035e9d19cc2b49374ba9c8e1119512c7fec504